How to protect your privacy on dating apps

Dating apps are now as much a part of modern courtship as going to the movies or buying flowers. But dating apps like Tinder, Grindr, or Bumble, present significant privacy risks. This Valentine’s Day, take some time to protect your privacy on dating apps.

Online dating is a privacy nightmare because it’s a Catch-22. You are obviously looking to entice someone and therefore want to create a level of intimacy, but you are speaking with someone you have never met. It requires a delicate dance of revealing enough information about yourself to beguile without sharing too much. And you need to accept information from people on the other end of your conversation, hoping they are acting in good faith. 

Scammers know this. They have begun hacking these apps or using social engineering to access people’s most sensitive photos or to trick people into sending payments. According to the US Federal Trade Commission, romance scams have been increasing steadily(nuova finestra), and over $547 million was lost to these scams in 2021.

Beyond scammers, many of these dating apps use the data you give them to target you with ads. When you consider that hundreds of millions of people use dating apps around the world to meet new people, there is a lot of data to be mined. Furthermore, many dating apps have been less-than-responsible stewards of the data entrusted to them.

But don’t give up on love! (It is Valentine’s Day, after all.) There are ways to limit your exposure online.

What data do dating apps have?

Most dating apps use the data they collect from you to target you with ads. That’s how they can continue operating while offering their service for free. (It’s also why you often can get access to stronger privacy controls if you pay for a subscription to a dating app.) 

When you consider the types of sensitive information many of these apps require you to share when you create an account, this data collection can be concerning. As an example, before you can use Tinder, you must share:

  • Your phone number or Google or Apple account
  • Your first name
  • Your date of birth
  • Two photos of you
  • Your location by turning on location tracking on your phone
  • Your sexual orientation

And nearly all dating apps encourage you to share more information, from your place of work to your favorite hobbies to your ethnicity. They also monitor any activity in their app, including swipes and conversations(nuova finestra). Obviously, a dating app can use any information you share with it to target you with ads. 

Many dating websites also contain dozens of trackers. Ghostery(nuova finestra) found that Match Group dating services (including Match.com, Tinder, and OkCupid) had up to 36 trackers on their websites(nuova finestra), including trackers from Facebook and Google.

Graph of trackers contained on different dating websites. OkCupid and OurTime have 25 and Match.com has 36.

Dating app data breaches

Most dating apps are still relatively new. Tinder launched in 2012, yet it has already suffered several data breaches and has been caught improperly sharing user data. This is sadly the norm among dating apps, which is important to keep in mind as you decide what personal data to divulge in these apps.

Back in 2013, cybersecurity experts discovered trileration attacks ((similar to triangulation) that Tinder allowed third parties to discover users’ exact location(nuova finestra), down to within a few hundred feet. Tinder resolved the issue by only specifying their users’ location in increments of miles, making the location data much less precise. In 2014, experts found the same flaw in Grindr(nuova finestra). Grindr claimed to have resolved the issue, but in 2016, researchers in Japan(nuova finestra) could still determine Grindr users’ location. Then, in 2018, another security expert discovered the location of Grindr users(nuova finestra), including ones that had opted out of letting Grindr share their location data.

A report by Kaspersky in 2017(nuova finestra) examined several dating apps, including Tinder, Bumble, and OkCupid, and found that nearly all the Android versions of these apps stored sensitive data on the Android device without proper protection. Hackers could use Facebook authorization tokens to gain full access to your account. Once a hacker had this access, they could view all the messages sent and received through these dating devices.

In January 2018, the cybersecurity firm Checkmarx discovered that Tinder did not use HTTPS encryption(nuova finestra) to secure the photos on its iOS or Android apps. If hackers connected to the same WiFi network as a Tinder user, they could see the same photos that user was viewing, whether they swiped right or left, and even insert pictures into that user’s queue. Tinder has since added HTTPS encryption to all its services. 

In April 2019, the Norwegian Consumer Council (NCC) filed a complaint after discovering that Grindr was sharing its users’ HIV status with third parties(nuova finestra) without consent. Grindr has since announced it would stop sharing its users’ health information with third parties.

The NCC filed another complaint in 2020 after it found that Grindr, Tinder, and OkCupid were sharing data(nuova finestra) unexpectedly with ad networks and other third parties. This information included users’ ages, genders, GPS location, IP address, and details about their device. 

In January 2021, the dating website MeetMindful.com suffered a data breach(nuova finestra) that exposed the details of all of its nearly 2.3 million users. The breach exposed geolocation data, full names, email addresses, Facebook IDs, Facebook authentication tokens, and more. Later that year, an engineer discovered that Bumble allowed a trilateration attack(nuova finestra) (similar to the one that affected Tinder) that could expose a user’s exact location.

In 2022, “anti-vax dating” site Uninjected left its entire unencrypted database exposed, and in April 2023, Have I Been Pwned? founder and maintainer, Troy Hunt, reported data breaches(nuova finestra) affecting two dating websites –  CityJerks and TruckerSucker – that exposed highly personal information about their users. 

Just days later, a federal judge ordered that a class action against Bumble(nuova finestra) be sent to arbitration(nuova finestra), following complaints that Bumble harvests a huge amount of sensitive data from its users. It does this without their knowledge or consent, and shares it with third parties such as Facebook and Instagram. The plaintiffs argued that the case was “even more egregious,” due to a massive data breach in 2020 that potentially affected some 95 million Bumble  users(nuova finestra)

And if you like to be spooked, Hulu is now (2024) streaming a three-part documentary(nuova finestra) about the infamous dating site for cheaters, Ashley Madison(nuova finestra), that was devastatingly hacked in 2015(nuova finestra) and where personal details of more than 2,500 unfaithful (or would-be unfaithful) users were published online. 

The majority of these system-level vulnerabilities have been resolved, but they speak to a culture of playing fast and loose with people’s personal data. Fortunately, there are things you can do yourself to patch up potential security failures in the dating apps you use.

How to protect your privacy on dating apps

Account security

  • Beware of links, and especially links using shortened URLs. Hackers will try to lure you away from the dating app to sites where they can more easily harvest your data. This is one of the most common Tinder scams. Rest your cursor over any link before you click it, or copy and paste the link into https://www.checkshorturl.com/(nuova finestra)
  • Only ever access your dating app on a secure WiFi network. An even better option is to protect the internet connection of your dating app with a trustworthy VPN(nuova finestra). This will add an extra layer of security to the app’s encryption.
  • Consider subscribing to a paid plan. Many dating apps give you additional privacy options, like turning off location tracking or hiding your account, if you subscribe to a paid plan. 

Privacy and social engineering

  • Never share your full name, address, or place of work in your profile. Tinder, Bumble, and Happn all allow users to add information about their jobs and education. With just this information and a first name, Kaspersky researchers matched(nuova finestra) a dating app profile to a LinkedIn or Facebook account 60% of the time.
  • Use a VPN to block dating app trackers and trilateration attacks. Nearly every dating website and app contain trackers that can follow you around the internet. Proton VPN’s NetShield Ad-Blocker(nuova finestra) stops trackers from even loading, speeding up your internet connection. And, unlike other ad blockers, it can protect block trackers in apps, not just in your browser. 
  • Choose your profile pictures carefully. A lot of information can often be gleaned from what is in the background of a photo, information that could be used to identify you. Also, remember that if you use a photo from one of your social media accounts, a reverse image search could link your dating profile to that account.
  • Do not link your dating app account to other accounts, like Facebook, Twitter, Instagram, etc. This makes it easy for hackers to connect your social media profile to your online dating one. It also would expose your data if Facebook were to suffer a data breach(nuova finestra).
  • Don’t use your everyday email for your dating app or to contact new matches. Instead, use an alias(nuova finestra) or a private email(nuova finestra) just for that specific app or relationship.
  • Always disable location-sharing features.
  • Give a temporary phone number to your matches. You can use services like Phoner or Burner that give you temporary phone numbers that last a couple of weeks for free or for a small fee. Since they are temporary, it is hard to use such a phone number on your dating app account, but it could give you some time to meet your matches in real life before you trust them with your phone number.
  • Try reverse image searching your match’s profile picture if something feels off. If your search finds the photo is from a modeling agency or a foreign celebrity, you are likely looking at a fake account.
  • Avoid sharing specific information that could identify you. Eventually, you will have to share information about yourself. After all, you are trying to convince someone that you are interesting enough to meet. Try to talk more about your interests, ambitions, and preferences. More “I love pizza” than “My favorite pizza restaurant is on the corner of Main St. and 2nd Ave.” Never be afraid to say “no” if someone asks you for personal information that you’re not yet comfortable sharing.
  • Avoid sending photos to people you do not know. Photos can contain metadata about when and where the photo was taken. If you must share a photo, be sure to remove its metadata(nuova finestra) first.
  • Beware of chatting with bots. Online bots are getting harder and harder to detect, but one test you can try is to work gibberish into a phrase, like “I love a;lkjasdllkjf,” and see if the bot repeats the non-word or transitions into a non-sequitur question. (If it’s a human, you can always cover by saying your phone slipped.)
  • If someone asks you over a dating app to send them money, your answer should always be “No” unless you want to show up on the next version of The Tinder Swindler(nuova finestra)
  • Do not immediately friend your matches on Facebook. Once someone has access to your Facebook account, they can see your friend and family network along with your past activity and location. Wait until you have been dating for a month or two before friending them. (Or, more ideally, quit Facebook(nuova finestra).)

Physical safety

  • Arrange to meet in a public area and let a friend know that you are going. You should also choose to meet in a neutral place, not the restaurant or cafe you go to every week.

Don’t let this advice scare you off of dating apps! They can be fun, and they’ve helped millions of people find dates, hookups, friends, and partners. Just try not to let Cupid’s arrow lull you into a false sense of security, and always keep in mind that this person who seems too good to be true just might be.

Happy Valentine’s Day!




Articoli correlati

What is doxing and is doxing illegal
en
We look at what doxing is, who does it (and why), and at how to protect yourself from doxing .
Stream securely on tvOS with Proton VPN
en
With the Proton VPN Apple TV app, you can easily and securely watch your favorite content on your big-screen TV no matter where you are.
Illustrated laptop devices representing a network with a shield and a lock in the center of the screen
en
Cybercriminals will take any opportunity to gain unauthorized access to your servers. Learn how you can stop them.
Proton for Business now offers MDM support, more dedicated servers, and gateway monitoring.
en
Proton for Business now offers MDM support, more dedicated servers, and gateway monitoring.
How to disable browser extensions
en
  • Approfondimenti sulla privacy
How safe a browser extension is depends almost entirely on how trustworthy its developer is. We take a deep dive.
Apps like discord
en
  • Approfondimenti sulla privacy
Here's why you might want to consider a Discord alternative — and the pros and cons of seven other apps like Discord that you may want to switch to instead.